CVE-2019-6260

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console uart is attached to a serial concentrator). This CVE applies to the specific cases of iLPC2AHB bridge Pt I, iLPC2AHB bridge Pt II, PCIe VGA P2A bridge, DMA from/to arbitrary BMC memory via X-DMA, UART-based SoC Debug interface, LPC2AHB bridge, PCIe BMC P2A bridge, and Watchdog setup.

El HW y el FW de los controladores BMC (Baseband Management Controller) de ASPEED ast2400 y ast2500 implementan puertos AHB (Advanced High-performance Bus), lo que permite la lectura arbitraria y el acceso de escritura en el espacio de dirección física del BMC desde el host (o desde la red en casos especiales en los que la consola uart del BMC está conectada a un concentrador en serie).

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-01-14 CVE Reserved
2019-01-22 CVE Published
2024-06-14 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (3)

URL	Tag	Source
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-785	Third Party Advisory
https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260:-gaining-control-of-bmc-from-the-host-processor	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://security.netapp.com/advisory/ntap-20190314-0001	2020-08-24

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Aspeedtech Search vendor "Aspeedtech"	Ast2400 Firmware Search vendor "Aspeedtech" for product "Ast2400 Firmware"	*	-	Affected	in	Aspeedtech Search vendor "Aspeedtech"	Ast2400 Search vendor "Aspeedtech" for product "Ast2400"	-	-	Safe
Aspeedtech Search vendor "Aspeedtech"	Ast2500 Firmware Search vendor "Aspeedtech" for product "Ast2500 Firmware"	*	-	Affected	in	Aspeedtech Search vendor "Aspeedtech"	Ast2500 Search vendor "Aspeedtech" for product "Ast2500"	-	-	Safe
Netapp Search vendor "Netapp"		Fas\/aff Baseboard Management Controller Search vendor "Netapp" for product "Fas\/aff Baseboard Management Controller"				*		-		Affected